Assurance engagement
An engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria. (Handbook of ISA; IFAC)
guide the professional and personal conduct of members of the Association and/or its certification holders. Members and ISACA Certification holders shall:
1. Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.
professional care, in accordance with professional standards and best practices.
3. Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.
information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
5. Maintain competency in their respective fields and agree to undertake only those activities which they can reasonably expect to complete with professional competence.
performed; revealing all significant facts known to them.
7. Support the professional education of stakeholders in enhancing their understanding of information systems security and control.
Failure to comply with this Code of Professional Ethics can result in an investigation into a member's or certification holder's conduct and, ultimately, in disciplinary measures.
Auditing
Evaluation of an organization, system, process, project or product, performed by a competent, independent and objective party, who issues a report.
Why do we plan?
- To improve effectiveness: enhance the chance of success.
- To improve efficiency: achieve the best result with the least resources.
- Assign resources.
- Develop strategy.
Risk
Is the potential that a given threat will exploit
Risk Assessment
Identifying business risks relevant to financial reporting objectives; estimating the significance of the risks; assessing the likelihood of their occurrence; and deciding about actions to address those risks. (PSA 315.15)
party consultants.
design, testing, data conversion, go-live decision, migration to production environment, documentation of new or revised systems, and user training.
- Acquisition and implementation of off-the-shelf packages.
- Requests for changes to the existing systems.
- Acquisition, implementation, and maintenance of system software.
which CIS services are measured.
- Performance and capacity management controls.
- Event and problem management controls.
- Disaster recovery/contingency planning, training, and file backup.
- Computer operations controls.
- Systems security.
- Physical and environmental controls.
Monitoring controls
- Monitoring of key CIS performance indicators.
- Internal and external CIS audits.
Application Control
Controls over input
before being processed by the computer.
- Transactions are accurately converted into machine-readable form and recorded in the computer data files.
- Transactions are not lost, added, duplicated or improperly changed.
- Incorrect transactions are rejected, corrected and, if necessary, resubmitted on a timely basis.
Controls over processing and computer data
transactions, are properly processed by the computer.
- Transactions are not lost, added, excluded, duplicated or improperly changed.
- Processing errors are identified and corrected on a timely basis.
References
- PAPS 1008
- PSA 315
- ISACA